<?php

/**
 * @author      :   DungCV
 * @name        :   My_Plugin_Acl
 * @version     :   201104
 * @copyright   :   My company
 * @todo        :   Acl plugin
 */
class My_Plugin_Acl extends Zend_Controller_Plugin_Abstract {

    private $authRequired = array(
        array(
            'module' => 'frontend',
            'controller' => 'order',
            'action' => 'complete'
        ),
        array(
            'module' => 'frontend',
            'controller' => 'order',
            'action' => 'manage'
        ),
        array(
            'module' => 'frontend',
            'controller' => 'user',
            'action' => 'add'
        ),
        array(
            'module' => 'frontend',
            'controller' => 'user',
            'action' => 'edit'
        ),
    );

    public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request) {
        $module = strtolower($request->getParam('module'));
        $controller = strtolower($request->getParam('controller'));
        $action = strtolower($request->getParam('action'));

        $requireLogin = true;

        // check require login
        if ($module == 'backend') {
            switch ($controller) {
                case 'message' :
                case 'auth' :
                    $requireLogin = false;
                    break;
                default :
                    $requireLogin = true;
                    break;
            }
        } else if ($module == 'frontend') {
            $requireLogin = (in_array(array(
                        'module' => $module,
                        'controller' => $controller,
                        'action' => $action
                            ), $this->authRequired)) ? true : false;
        } else {
            // other module
            $requireLogin = false;
        }

        if ($requireLogin) {
            $auth = Zend_Auth::getInstance();
            if (!$auth->hasIdentity()) {
                return $request->setModuleName('frontend')->setControllerName('foconnect')->setActionName('login');
            }

            /*if ($module == 'backend') {
                // is locked account
//                $acl = My_Acl::getInstance();
//                $isAllowed = $acl->isUserOrRoleAllowed(GID, UID, $module, $controller, $action);
//                if (!$isAllowed) {
//                    return $request->setModuleName('backend')->setControllerName('message')->setActionName('deny');
//                }
            }*/
        }
    }

}